OpenRapid RapidCMS addgood.php sql injection
CVE-2023-5258

9.8CRITICAL

Key Information:

Vendor
OpenRapid
Status
RapidCMS
Vendor
CVE Published:
29 September 2023

Summary

A critical SQL injection vulnerability exists in OpenRapid RapidCMS version 1.3.1, specifically within the file /resource/addgood.php. The flaw allows remote attackers to manipulate the 'id' argument, potentially leading to unauthorized database access and manipulation. As this exploit is publicly disclosed, it poses a significant risk to users of this software. Immediate action is recommended to mitigate potential attacks.

Affected Version(s)

RapidCMS 1.3.1

References

https://vuldb.com/?id.240867
vdb-entrytechnical-description
https://vuldb.com/?ctiid.240867
signaturepermissions-required
https://github.com/OpenRapid/rapidcms/issues/9
issue-tracking

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jamspilly (VulDB User)
.